Cyber Attack Task Force - Final Report - NERC

More documents

Recommendations

Info

Recommendations Following are the recommendations from the task force: Recommendations • Continue to build on the Attack Trees - A significant amount of work has gone into creating the attack tree framework, however recommendations from detailed analysis have not been completed. The top level root node of the attack tree is very specific to the task force scope, but lower level branches are applicable to many other scenarios such as attacks on generation, transmission/distribution or disrupting situational awareness. A separate working group under NERC’s Critical Infrastructure Protection Committee (CIPC) should be established to further develop attack trees with the goal of populating the nodes, performing detailed analysis and providing recommendations to industry from this analysis. While these trees will never be finished, they do provide a solid structure to build on. For example, for each revision to the CIP standards the new requirements could be incorporated into the attack trees and analysis rerun to determine any positive or negative consequences of the propose changes. Prior to release of a NERC Alert, compare mitigation measure actions against the attack trees to determine if the recommendations provide the greatest likelihood of reducing the potential for compromise. At least annually evaluate the attack trees to incorporate new information. Because of the sensitive information captured and developed, the attack trees should be stored and managed as part of the NERC ES-ISAC documentation library, or in some cases, on classified systems. Cyber Attack Task Force Report 33
Page 1 and 2: Cyber Attack Task Force Final Repor
Page 3 and 4: Table of Contents Table of Contents
Page 5: Denial of Service - EMS application
Page 8 and 9: Executive Summary Defining a Coordi
Page 10 and 11: Executive Summary Key Recommendatio
Page 13 and 14: Executive Summary Introduction A hi
Page 15 and 16: Adversaries, Motivations, and Capab
Page 17 and 18: Adversaries, Motivations, and Capab
Page 19 and 20: Low Level Threat Criminals, Hackers
Page 21 and 22: Cyber Threat Group Foreign State Na
Page 23 and 24: What a Coordinated Attack Looks Lik
Page 25 and 26: Expanding each of the two events: S
Page 27 and 28: Detection Capabilities Global Monit
Page 29 and 30: Detection Capabilities Appendix F c
Page 31 and 32: Defensive Capabilities / Deterrence
Page 33 and 34: For example: Defensive Capabilities
Page 39 and 40: Responses to Attack Responses to At
Page 41 and 42: Responses to Attack staff to locati
Page 43: Responses to Attack Entities that u
Page 47 and 48: Recommendations • Continue to end
Page 49 and 50: Recommendations • Continue to Ext
Page 51 and 52: Communications Content Advanced Tec
Page 53 and 54: The Use of Attack Trees in Assessin
Page 55 and 56: Last Name First Name Company Breed
Page 57 and 58: Appendix A: Introduction to Attack
Page 59 and 60: New Zealand • CCIP - Center for C
Page 61 and 62: Appendix C: Cyber Event Scenarios f
Page 63 and 64: Denial of Service - EMS application
Page 65 and 66: Realistic Data Injection Appendix C
Page 67: ICS Industrial Control System IDS I
Page 70 and 71: Appendix E: Potential Responses to
Page 72 and 73: Appendix E: Potential Responses to
Page 74 and 75: Appendix F: Precursors and Local In
Page 77 and 78: Appendix H: Defensive Capabilities
Page 79 and 80: Appendix I: CRPA Observations and R
Page 81 and 82: Appendix I: CRPA Observations and R
Page 83 and 84: Appendix J: Case Studies Appendix J
Page 85 and 86: Appendix J: Case Studies TAKE AWAY
Page 87 and 88: Appendix K: Task Force Goals and Ob

Cyber Attack Task Force - Final Report - NERC

Create successful ePaper yourself

Delete template?

Save as template?